Remote Network Analysis

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Remote Network Analysis"

Transcription

1 Remote Network Analysis - I know what you know - Torsten Höfler Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 1/41

2 Outline Advanced Scanning Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 2/41

3 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 3/41

4 Motivation Motivation Typical Targets Structure of FW Systems Structure of FW Systems Possible Attacks play instinct :o) explore a remote network find backdoors check weaknesses prepare an attack fool IDS systems see which software your bank runs... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 4/41

5 Typical Targets Motivation Typical Targets Structure of FW Systems Structure of FW Systems Possible Attacks Router / Firewalls / Packetfilter Intrusion Detection Systems Loghosts (to hide traces) servers - from the outside accessible (DMZ?) Client-Systems / Workstations Hardware-Systems (e.g. Access Points, Routers...) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 5/41

6 Structure of FW Systems easy layout: Motivation Typical Targets Structure of FW Systems Structure of FW Systems Possible Attacks Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 6/41

7 Structure of FW Systems more complex layout(s): Motivation Typical Targets Structure of FW Systems Structure of FW Systems Possible Attacks Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 7/41

8 Possible Attacks Motivation Typical Targets Structure of FW Systems Structure of FW Systems Possible Attacks attacker (we) located in the Internet attacks performed from outside passive analysis (e.g. sniffing) noticeable active analysis (e.g. scanning) hidden active analysis (e.g. fingerprinting) analysis of topology (e.g. firewalking, tracing) social engineering Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 8/41

9 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 9/41

10 Layer 2/3/4 Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary different possibilities: passive fingerprinting (without sending anything) Layer 4 (versions of used software products) Payload Analysis (not widely used, no tools available) Layer 2/3 (OS s TCP/IP implementation) Header-Analysis (widely used, tools available) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 10/41

11 Header-Analysis Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary gives information about deployed topology: TTL: OS usually starts with typical values (255, 128, 64...) -> difference equals Hop-Count be aware of exceptions (e.g. traceroute)! offered or used services e.g.: analyse source or/and destination port Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 11/41

12 Header-Fields Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 12/41

13 Header-Information Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary much information can be gained from the header fields: Field Location Tools? What? TTL IP x OS + Topology Fragmentation IP x OS + Topology Header Length IP x OS TOS IP - OS ID IP - OS + Traffic Source Port TCP - OS + Traffic Window Size TCP/Opt x OS Max. Segmentsz. TCP/Opt x OS OS Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 13/41

14 Header-Analysis (example) SYN/ACK Header from Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 14/41

15 Header-Analysis (example) SYN/ACK Header from Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 15/41

16 Example practical values: Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary OS TOS DF TTL Window Options Win tsval=0, SACK Win SACK Linux tsval>0, SACK Linux tsval>0, SACK Linux tsval>0, SACK FreeBSD tsval>0 FreeBSD tsval>0 OpenBSD tsval=0, SACK 2.x Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 16/41

17 More Examples Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary examples (p0f - SYN/ACK analysis): - Windows 2000 SP4 - unknown - NetApp Data OnTap 6.x - Windows 2000 (SP1+) (firewall!) - Solaris 7 (up: 2533 hrs) - FreeBSD (up: 9 hrs) - Windows 2000 SP4 - Windows 2000 SP4 - Linux recent 2.4 (1) (up: hrs) - Linux recent 2.4 (1) (up: 5664 hrs) - Linux recent 2.4 (up: 2804 hrs)... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 17/41

18 Summary Layer 2/3/4 Header-Analysis Header-Fields Header-Information Header-Analysis (example) Header-Analysis (example) Example More Examples Summary fingerprinting without sending any data utilizes imprecise standard definitions or deviations of OSes from standards (RFC) cumulative analysis of different header fields manually nearly impossible (huge information databases) automated tools (ettercap, siphon, p0f) BUT: very slow / imprecise! active analysis is more accurate new techniques (AI / Fuzzy Match) improve accurancy Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 18/41

19 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 19/41

20 Layer 4 (Application Level) Layer 4 (Application Level) Layer 2/3 (OS Level) OS Detection Tools sending packets and analysing the response classical manual banner grabbing e.g. FTP, HTTP, POP, IMAP, SMTP, SSH, NNTP, Finger... binary analysis e.g. /bin/ls from FTP server (which binary format (ELF, COFF) OS) well known ports e.g. 80 HTTP, 22 SSH,... easy to prevent/fake e.g. 222 SSH (ipcop) application fingerprinting (sending special requests, evaluate (error) responses) automated tools: thc-amap, nmap (-sv) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 20/41

21 Layer 2/3 (OS Level) Layer 4 (Application Level) Layer 2/3 (OS Level) OS Detection Tools send special crafted IP packets and analyse the response easy to detect e.g. IDS notifies attempts (see portscan) firewall can block results e.g. stateful firewalls block connectionless FIN packets firewall can modify results e.g. change TTL, TOS or filter out Options with iptables Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 21/41

22 OS Detection Tools Layer 4 (Application Level) Layer 2/3 (OS Level) OS Detection Tools de-facto standard: nmap from Fyodor a lot of active fingerprinting techniques (FIN to open port, ISN Sampling, ICMP Tests, TCP Options, Fragmentation Handling...) is recognized by many IDS or packetfilters and can be filtered easily nmap needs one opened and one closed TCP-Port + one closed UDP-Port (often not possible firewall) other metrics have to be found others: xprobe2 - fuzzy logic, similar to nmap queso - no further development Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 22/41

23 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 23/41

24 Old Techniques Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) Inverse Mapping normal inconspicuous packets to different IP s e.g. FIN, ACK, DNS-Reply only for stateless firewalls / IDS non existing hosts: router sends ICMP host unreachable -> attacker concludes network structure / used addresses Slow Scan packet-rate < 1 packet/hour very hard to detect automatically Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 24/41

25 RING Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) RING (Remote Identification Next Generation) TCP retransmissioncount and -time is used! deviations from RFC2988 (defines a retransmission algorithm) tools: snacktime, Cron-OS, tbit Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 25/41

26 RING - Examples Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) snacktime evaluation: - Windows_2000_Server_SP3 - Windows_XP_Professional - no retransmission - no retransmission - Linux_2.4.9_Alpha (???) - Generic_BSD_Stack - no retransmission - RST after first retrans! - Linux_ no retransmission - Linux_ Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 26/41

27 Overview Fingerprinting Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 27/41

28 Idle Scan Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) no packet sent directly sending through zombie hosts using predictable IP fragment-numbers suitable for testing IP-based filter-rules IDS sees zombie as attacker tool: nmap (-D) - decoy scan protect own hosts from being used as zombies: stateful firewall OS with unpredictable or constant fragment-numbers Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 28/41

29 Idle Scan - Example Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 29/41

30 Finding Zombies Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) chance to find zombies is relatively high! $ hping2 -SA -p 80 len=46 ip= ttl=46 DF id=216 sport=80... len=46 ip= ttl=46 DF id=217 sport=80... len=46 ip= ttl=46 DF id=218 sport=80... $ ping -c1 $ hping2 -SA -p 80 len=46 ip= ttl=46 DF id=220 sport=80... IP-ID counts up globally! more useable zombies: (hosting georgewbush.com :) mx2.freebsd.org Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 30/41

31 Firewalking = analyze the hosts behind a firewall e.g. test if IP is up: Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) SYN-packets are dropped by firewall SYN/ACK not (only stateful FWs) use SYN/ACK packets to scan IP s behind FW ruleset of the FW can be guessed Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 31/41

32 Firewalking - Example Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) e.g. portscan of wald.informatik.tu-chemnitz.de ( ): archimedes: # hping2 wald.informatik.tu-chemnitz.de -p 22 -A HPING wald.informatik.tu-chemnitz.de (eth ): A set... len=46 ip= ttl=55 DF id=0 sport=22 flags=r seq=0 win=0 rtt=64.3 ms len=46 ip= ttl=55 DF id=0 sport=22 flags=r seq=1 win=0 rtt=64.8 ms port 22 (ssh) open archimedes: # hping2 wald.informatik.tu-chemnitz.de -p 81 -A HPING wald.informatik.tu-chemnitz.de (eth ): A set... ICMP Port Unreachable from ip= name=wald ICMP Port Unreachable from ip= name=wald port 81 closed are the pool-computers switched on during the weekend? HPING donau.hrz.tu-chemnitz.de (eth ): SA set... len=46 ip= ttl=55 DF id=0 sport=82 flags=r seq=0 win=0 rtt=62.5 ms len=46 ip= ttl=55 DF id=0 sport=82 flags=r seq=1 win=0 rtt=65.4 ms yes ;o) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 32/41

33 Firewalking (2) Cambridge Technology Partners: A Traceroute-Like Analysis of IP Packet Responses to determine Gateway Access Control Lists. Old Techniques RING RING - Examples Overview Fingerprinting Idle Scan Idle Scan - Example Finding Zombies Firewalking Firewalking - Example Firewalking (2) newer development phase 1: determine hop-count to FW (Gateway) = HC(FW) phase 2: packets with TTL=HC(GW)+1 for SYN scan if HC(target) > HC(GW)+1 no packet reaches target open port: ICMP Time exceed closed Port: no answer (timeout) prevention: drop outgoing ICMP time exceed packets application proxy Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 33/41

34 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 34/41

35 TCP/IP Stack Tuning TCP/IP Stack Tuning Linux Kernel Modifications Deep Packet Inspection DPI - Example Linux (adjustment of kernel parameters): /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts = 1 /proc/sys/net/ipv4/conf/*/accept_source_route = 0 /proc/sys/net/ipv4/conf/*/rp_filter = 1 (prevent spoofing) /proc/sys/net/ipv4/ipfrag_high_thresh =? (fragments will be dropped when this valua is reached - Rose Attacks?) /proc/sys/net/ipv4/ipfrag_low_thresh =? (fragments will be accepted again under this level) /proc/sys/net/ipv4/conf/*/log_martians (log packets with unusual addresses) /proc/sys/net/ipv4/ip_default_ttl =? (confuses simple OS detection) appropriate values on other Operating Systems (e.g. sysctl with BSD) Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 35/41

36 Linux Kernel Modifications TCP/IP Stack Tuning Linux Kernel Modifications Deep Packet Inspection DPI - Example Grsecurity larger entropy pools (better random numbers) randomized TCP Initial Sequence Numbers (confuses OS detection) randomized IP IDs (prevents zombie -scans) randomized TCP source ports (confuses OS detection) IP Personality changeable characteristics to pretend other TCP/IP stacks nice tool, but only up to kernel :-( own modifications in kernel sources z.b. no answer to illegal packets: /usr/src/linux/net/ipv4/* change the window size: /usr/src/linux/include/net/tcp.h (MAX_TCP_WINDOW)... Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 36/41

37 Deep Packet Inspection TCP/IP Stack Tuning Linux Kernel Modifications Deep Packet Inspection DPI - Example Firewall Evolution Firewall - protect IDS - observe today: manual adding of firewall rules after notification from IDS problem: fast attacks (Code Red, Nimda) deep packet inspection = FW + IDS coupled exploits and scan attempts can be interrupted automatically e.g. layer 4 monitoring (see PIX fixup command) next slide Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 37/41

38 DPI - Example TCP/IP Stack Tuning Linux Kernel Modifications Deep Packet Inspection DPI - Example Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 38/41

39 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 39/41

40 ?? Sources Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 40/41

41 Sources? Sources own experience :o) Laurent Joncheray: Simple Active Attack Against TCP, 1995 Kevin Timm: Passive Network Traffic Analysis, 2003 Lance Spitzner: Passive Fingerprinting, 2000 Fyodor: Remote OS detection via TCP/IP Stack FingerPrinting, 1998 Intranode Research: RING - Full Paper, 2002 Synnergy Networks: Advanced Host Detection, 2001 Cambridge Technology Partners: Firewalking, 1998 Ido Dubrawsky: Firewall Evolution - Deep Packet Inspection, 2003 Torsten Höfler, 21. November 2004 Remote Network Analysis - p. 41/41

Remote Network Analysis

Remote Network Analysis Remote Network Analysis Torsten Hoefler htor@cs.tu-chemnitz.de (DMZ), mostly between two packet filters and application gateways. The different possibilities to connect DMZ-hosts are also shown in Figure

More information

Host Fingerprinting and Firewalking With hping

Host Fingerprinting and Firewalking With hping Host Fingerprinting and Firewalking With hping Naveed Afzal National University Of Computer and Emerging Sciences, Lahore, Pakistan Email: 1608@nu.edu.pk Naveedafzal gmail.com Abstract: The purpose

More information

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm, Network IDS devices use passive network monitoring extensively to detect possible threats. Through passive

More information

CIT 380: Securing Computer Systems

CIT 380: Securing Computer Systems CIT 380: Securing Computer Systems Scanning CIT 380: Securing Computer Systems Slide #1 Topics 1. Port Scanning 2. Stealth Scanning 3. Version Identification 4. OS Fingerprinting 5. Vulnerability Scanning

More information

Network and Services Discovery

Network and Services Discovery A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network

More information

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology Port Scanning and Vulnerability Assessment ECE4893 Internetwork Security Georgia Institute of Technology Agenda Reconnaissance Scanning Network Mapping OS detection Vulnerability assessment Reconnaissance

More information

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se

Firewalls. Pehr Söderman KTH-CSC Pehrs@kth.se Firewalls Pehr Söderman KTH-CSC Pehrs@kth.se 1 Definition A firewall is a network device that separates two parts of a network, enforcing a policy for all traversing traffic. 2 Fundamental requirements

More information

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap.

Port Scanning. Objectives. Introduction: Port Scanning. 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Port Scanning Objectives 1. Introduce the techniques of port scanning. 2. Use port scanning audit tools such as Nmap. Introduction: All machines connected to a LAN or connected to Internet via a modem

More information

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts

More information

Host Discovery with nmap

Host Discovery with nmap Host Discovery with nmap By: Mark Wolfgang moonpie@moonpie.org November 2002 Table of Contents Host Discovery with nmap... 1 1. Introduction... 3 1.1 What is Host Discovery?... 4 2. Exploring nmap s Default

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall

Firewall Introduction Several Types of Firewall. Cisco PIX Firewall Firewall Introduction Several Types of Firewall. Cisco PIX Firewall What is a Firewall? Non-computer industries: a wall that controls the spreading of a fire. Networks: a designed device that controls

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Introduction to Firewalls

Introduction to Firewalls Introduction to Firewalls Today s Topics: Types of firewalls Packet Filtering Firewalls Application Level Firewalls Firewall Hardware/Software IPChains/IPFilter/Cisco Router ACLs Firewall Security Enumeration

More information

NETWORK SECURITY WITH OPENSOURCE FIREWALL

NETWORK SECURITY WITH OPENSOURCE FIREWALL NETWORK SECURITY WITH OPENSOURCE FIREWALL Vivek Kathayat,Dr Laxmi Ahuja AIIT Amity University,Noida vivekkathayat@gmail.com lahuja@amity.edu ATTACKER SYSTEM: Backtrack 5r3( 192.168.75.10 ) HOST: Backtrack

More information

Introduction TELE 301. Routers. Firewalls

Introduction TELE 301. Routers. Firewalls Introduction TELE 301 Lecture 21: s Zhiyi Huang Computer Science University of Otago Discernment of Routers, s, Gateways Placement of such devices Elementary firewalls Stateful firewalls and connection

More information

Chapter 6 Phase 2: Scanning

Chapter 6 Phase 2: Scanning Chapter 6 Phase 2: Scanning War Dialer Tool used to automate dialing of large pools of telephone numbers in an effort to find unprotected THC-Scan 2.0 Full-featured, free war dialing tool Runs on Win9x,

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Stateful Firewalls. Hank and Foo

Stateful Firewalls. Hank and Foo Stateful Firewalls Hank and Foo 1 Types of firewalls Packet filter (stateless) Proxy firewalls Stateful inspection Deep packet inspection 2 Packet filter (Access Control Lists) Treats each packet in isolation

More information

Network Security CS 192

Network Security CS 192 Network Security CS 192 Network Scanning (Idlescan) Department of Computer Science George Washington University Jonathan Stanton 1 Today s topics Discussion of new DNS flaws Network Scanning (Idlescan)

More information

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others

FIREWALLS. Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS FIREWALLS Firewall: isolates organization s internal net from larger Internet, allowing some packets to pass, blocking others FIREWALLS: WHY Prevent denial of service attacks: SYN flooding: attacker

More information

Divide and Conquer Real World Distributed Port Scanning

Divide and Conquer Real World Distributed Port Scanning Divide and Conquer Real World Distributed Port Scanning Ofer Maor CTO Hacktics 16 Feb 2006 Hackers & Threats I, 3:25PM (HT1-302) Introduction Divide and Conquer: Real World Distributed Port Scanning reviews

More information

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding

Firewalls. configuring a sophisticated GNU/Linux firewall involves understanding Firewalls slide 1 configuring a sophisticated GNU/Linux firewall involves understanding iptables iptables is a package which interfaces to the Linux kernel and configures various rules for allowing packets

More information

Chapter 8 Network Security

Chapter 8 Network Security [Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network

More information

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering

Internet Firewall CSIS 4222. Packet Filtering. Internet Firewall. Examples. Spring 2011 CSIS 4222. net15 1. Routers can implement packet filtering Internet Firewall CSIS 4222 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 27: Internet Routing Ch 30: Packet filtering & firewalls

More information

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant

Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant Evading Infrastructure Security Mohamed Bedewi Penetration Testing Consultant What infrastructure security really means? Infrastructure Security is Making sure that your system services are always running

More information

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie

An Introduction to Nmap with a Focus on Information Gathering. Ionuț Ambrosie An Introduction to Nmap with a Focus on Information Gathering Ionuț Ambrosie January 12, 2015 During the information gathering phase of a penetration test, tools such as Nmap can be helpful in allowing

More information

FIREWALL AND NAT Lecture 7a

FIREWALL AND NAT Lecture 7a FIREWALL AND NAT Lecture 7a COMPSCI 726 Network Defence and Countermeasures Muhammad Rizwan Asghar August 3, 2015 Source of most of slides: University of Twente FIREWALL An integrated collection of security

More information

How to protect your home/office network?

How to protect your home/office network? How to protect your home/office network? Using IPTables and Building a Firewall - Background, Motivation and Concepts Adir Abraham adir@vipe.technion.ac.il Do you think that you are alone, connected from

More information

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN

Firewall. IPTables and its use in a realistic scenario. José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 FEUP MIEIC SSIN Firewall IPTables and its use in a realistic scenario FEUP MIEIC SSIN José Bateira ei10133 Pedro Cunha ei05064 Pedro Grilo ei09137 Topics 1- Firewall 1.1 - How they work? 1.2 - Why use them? 1.3 - NAT

More information

Attack and Defense Techniques

Attack and Defense Techniques Network Security Attack and Defense Techniques Anna Sperotto, Ramin Sadre Design and Analysis of Communication Networks (DACS) University of Twente The Netherlands Attack Taxonomy Many different kind of

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

A1.1.1.11.1.1.2 1.1.1.3S B

A1.1.1.11.1.1.2 1.1.1.3S B CS Computer 640: Network AdityaAkella Lecture Introduction Networks Security 25 to Security DoS Firewalls and The D-DoS Vulnerabilities Road Ahead Security Attacks Protocol IP ICMP Routing TCP Security

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

CS5008: Internet Computing

CS5008: Internet Computing CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is

More information

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS)

Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Firewalls, NAT and Intrusion Detection and Prevention Systems (IDS) Internet (In)Security Exposed Prof. Dr. Bernhard Plattner With some contributions by Stephan Neuhaus Thanks to Thomas Dübendorfer, Stefan

More information

Lecture 5: Network Attacks I. Course Admin

Lecture 5: Network Attacks I. Course Admin Lecture 5: Network Attacks I CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena Adopted from previous lectures by Keith Ross Course Admin HW/Lab 1 Due Coming Monday 11am Lab sessions are active

More information

Firewall implementation and testing

Firewall implementation and testing Firewall implementation and testing Patrik Ragnarsson, Niclas Gustafsson E-mail: ragpa737@student.liu.se, nicgu594@student.liu.se Supervisor: David Byers, davby@ida.liu.se Project Report for Information

More information

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT)

Network Security. Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Network Security ICMP, TCP, DNS, Scanning Marcus Bendtsen Institutionen för Datavetenskap (IDA) Avdelningen för Databas- och Informationsteknik (ADIT) Agenda A couple of examples of network protocols that

More information

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts.

Scanning Tools. Scan Types. Network sweeping - Basic technique used to determine which of a range of IP addresses map to live hosts. Scanning Tools The goal of the scanning phase is to learn more information about the target environment and discover openings by interacting with that target environment. This paper will look at some of

More information

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles

Firewalls. Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49. Firewall Design Principles Firewalls Ola Flygt Växjö University, Sweden http://w3.msi.vxu.se/users/ofl/ Ola.Flygt@vxu.se +46 470 70 86 49 1 Firewall Design Principles Firewall Characteristics Types of Firewalls Firewall Configurations

More information

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall.

Firewalls. Firewalls. Idea: separate local network from the Internet 2/24/15. Intranet DMZ. Trusted hosts and networks. Firewall. Firewalls 1 Firewalls Idea: separate local network from the Internet Trusted hosts and networks Firewall Intranet Router DMZ Demilitarized Zone: publicly accessible servers and networks 2 1 Castle and

More information

Xprobe2++: Low Volume Remote Network Information Gathering Tool

Xprobe2++: Low Volume Remote Network Information Gathering Tool Xprobe2++: Low Volume Remote Network Information Gathering Tool Fedor V. Yarochkin, Ofir Arkin, Meder Kydyraliev, Shih-Yao Dai, Yennun Huang, Sy-Yen Kuo Department of Electrical Engineering National Taiwan

More information

Netfilter / IPtables

Netfilter / IPtables Netfilter / IPtables Stateful packet filter firewalling with Linux Antony Stone Antony.Stone@Open.Source.IT Netfilter / IPtables Quick review of TCP/IP networking & firewalls Netfilter & IPtables components

More information

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

CS2107 Introduction to Information and System Security (Slid. (Slide set 8) Networks, the Internet Tool support CS2107 Introduction to Information and System Security (Slide set 8) National University of Singapore School of Computing July, 2015 CS2107 Introduction to Information

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.

A host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection. A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals

Introduction to Firewalls Open Source Security Tools for Information Technology Professionals Introduction to Firewalls Open Source Security Tools for Information Technology Professionals School of Professional Studies (SPS) The City University of New York (CUNY) Aron Trauring Adjunct Professor

More information

Project 2: Firewall Design (Phase I)

Project 2: Firewall Design (Phase I) Project 2: Firewall Design (Phase I) CS 161 - Joseph/Tygar November 12, 2006 1 Edits If we need to make clarifications or corrections to this document after distributing it, we will post a new version

More information

Outline. Outline. Outline

Outline. Outline. Outline Network Forensics: Network Prefix Scott Hand September 30 th, 2011 1 What is network forensics? 2 What areas will we focus on today? Basics Some Techniques What is it? OS fingerprinting aims to gather

More information

Network Mapper and Vulnerability Scanning

Network Mapper and Vulnerability Scanning Network Mapper and Vulnerability Scanning Avviso Per la legge italiana questi strumenti sono equivalenti a strumenti per lo scasso Possono essere posseduti solo da chi ha un ruolo professionale che lo

More information

CIT 480: Securing Computer Systems. Firewalls

CIT 480: Securing Computer Systems. Firewalls CIT 480: Securing Computer Systems Firewalls Topics 1. What is a firewall? 2. Types of Firewalls 1. Packet filters (stateless) 2. Stateful firewalls 3. Proxy servers 4. Application layer firewalls 3. Configuring

More information

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion

Network Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services

Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services Algorithms and Techniques Used for Auto-discovery of Network Topology, Assets and Services CS4983 Senior Technical Report Brian Chown 0254624 Faculty of Computer Science University of New Brunswick Canada

More information

Time has something to tell us about Network Address Translation

Time has something to tell us about Network Address Translation Time has something to tell us about Network Address Translation Elie Bursztein Abstract In this paper we introduce a new technique to count the number of hosts behind a NAT. This technique based on TCP

More information

IP Network Scanning & Reconnaissance

IP Network Scanning & Reconnaissance IP Network Scanning & Reconnaissance Hacking for Techies Technical Primer Booklet Matta Security Limited 16 19 Southampton Place London WC1A 2AX +44 (0) 8700 77 11 00 courses@trustmatta.com http://www.trustmatta.com

More information

Linux MDS Firewall Supplement

Linux MDS Firewall Supplement Linux MDS Firewall Supplement Table of Contents Introduction... 1 Two Options for Building a Firewall... 2 Overview of the iptables Command-Line Utility... 2 Overview of the set_fwlevel Command... 2 File

More information

Firewalls. Chapter 3

Firewalls. Chapter 3 Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border

More information

1! Network forensics

1! Network forensics Network Forensics COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1! Network forensics Network Forensics Overview! Systematic tracking of incoming and outgoing traffic!

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall

We will give some overview of firewalls. Figure 1 explains the position of a firewall. Figure 1: A Firewall Chapter 10 Firewall Firewalls are devices used to protect a local network from network based security threats while at the same time affording access to the wide area network and the internet. Basically,

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion

More information

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015) s (March 4, 2015) Abdou Illia Spring 2015 Test your knowledge Which of the following is true about firewalls? a) A firewall is a hardware device b) A firewall is a software program c) s could be hardware

More information

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014

Network Security. Routing and Firewalls. Radboud University Nijmegen, The Netherlands. Autumn 2014 Network Security Routing and Firewalls Radboud University Nijmegen, The Netherlands Autumn 2014 A short recap IP spoofing by itself is easy Typically used in conjunction with other attacks, e.g.: DOS attacks

More information

Firewalls, IDS and IPS

Firewalls, IDS and IPS Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not

More information

Security: Attack and Defense

Security: Attack and Defense Security: Attack and Defense Aaron Hertz Carnegie Mellon University Outline! Breaking into hosts! DOS Attacks! Firewalls and other tools 15-441 Computer Networks Spring 2003 Breaking Into Hosts! Guessing

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls Firewalls, Tunnels, and Network Intrusion Detection 1 Firewalls A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system.

More information

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A

Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Firewalls N E T W O R K ( A N D D ATA ) S E C U R I T Y 2 01 5 / 2 01 6 P E D R O B R A N D Ã O M A N U E L E D U A R D O C O R R E I A Slides are based on slides by Dr Lawrie Brown (UNSW@ADFA) for Computer

More information

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24 Introduction to Computer Networks Lecture24 Network security (continued) Key distribution Secure Shell Overview Authentication Practical issues Firewalls Denial of Service Attacks Definition Examples Key

More information

How the Great Firewall discovers hidden circumvention servers. Roya Ensafi David Fifield Philipp Winter Nick Weaver Nick Feamster Vern Paxson

How the Great Firewall discovers hidden circumvention servers. Roya Ensafi David Fifield Philipp Winter Nick Weaver Nick Feamster Vern Paxson How the Great Firewall discovers hidden circumvention servers Roya Ensafi David Fifield Philipp Winter Nick Weaver Nick Feamster Vern Paxson Much already known about GFW Numerous research papers and blog

More information

Introduction of Intrusion Detection Systems

Introduction of Intrusion Detection Systems Introduction of Intrusion Detection Systems Why IDS? Inspects all inbound and outbound network activity and identifies a network or system attack from someone attempting to compromise a system. Detection:

More information

Visualizations and Correlations in Troubleshooting

Visualizations and Correlations in Troubleshooting Visualizations and Correlations in Troubleshooting Kevin Burns Comcast kevin_burns@cable.comcast.com 1 Comcast Technology Groups Cable CMTS, Modem, Edge Services Backbone Transport, Routing Converged Regional

More information

Firewalls, Tunnels, and Network Intrusion Detection

Firewalls, Tunnels, and Network Intrusion Detection Firewalls, Tunnels, and Network Intrusion Detection 1 Part 1: Firewall as a Technique to create a virtual security wall separating your organization from the wild west of the public internet 2 1 Firewalls

More information

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS)

Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Dos & DDoS Attack Signatures (note supplied by Steve Tonkovich of CAPTUS NETWORKS) Signature based IDS systems use these fingerprints to verify that an attack is taking place. The problem with this method

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

7. Firewall - Concept

7. Firewall - Concept 7. - Concept ค อ อ ปกรณ Hardware หร อ Software ซ งถ กต ดต ง เพ อ อน ญาต (permit), ปฏ เสธ(deny) หร อ เป นต วแทน(proxy data) ให ผ านไปย งเคร อข ายท ม ระด บความเช อถ อต างก น 7. - Concept components Network

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection

More information

Network Security Management

Network Security Management Network Security Management TWNIC 2003 Objective Have an overview concept on network security management. Learn how to use NIDS and firewall technologies to secure our networks. 1 Outline Network Security

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Firewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002

Firewall Tips & Tricks. Paul Asadoorian Network Security Engineer Brown University November 20, 2002 Firewall Tips & Tricks Paul Asadoorian Network Security Engineer Brown University November 20, 2002 Holy Firewall Batman! Your Network Evil Hackers Firewall Defense in Depth Firewalls mitigate risk Blocking

More information

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial

Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial Rocky K. C. Chang The Hong Kong Polytechnic University Presented by Scott McLaren 1 Overview DDoS overview Types of attacks

More information

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013

CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention. Spring 2013 CS 356 Lecture 19 and 20 Firewalls and Intrusion Prevention Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access

More information

Firewalking. A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists

Firewalking. A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists Firewalking A Traceroute-Like Analysis of IP Packet Responses to Determine Gateway Access Control Lists Cambridge Technology Partners Enterprise Security Services David Goldsmith Senior Security Architect

More information

UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04

UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04 UNDERSTANDING FIREWALLS TECHNICAL NOTE 10/04 REVISED 23 FEBRUARY 2005 This paper was previously published by the National Infrastructure Security Co-ordination Centre (NISCC) a predecessor organisation

More information

Unverified Fields - A Problem with Firewalls & Firewall Technology Today

Unverified Fields - A Problem with Firewalls & Firewall Technology Today Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin The Sys-Security Group ofir.arkin@sys-security.com October 2000 1 Introduction The following problem (as discussed in

More information

Firewall Tutorial. KAIST Dept. of EECS NC Lab.

Firewall Tutorial. KAIST Dept. of EECS NC Lab. Firewall Tutorial KAIST Dept. of EECS NC Lab. Contents What is Firewalls? Why Firewalls? Types of Firewalls Limitations of firewalls and gateways Firewalls in Linux What is Firewalls? firewall isolates

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

Chapter 9 Firewalls and Intrusion Prevention Systems

Chapter 9 Firewalls and Intrusion Prevention Systems Chapter 9 Firewalls and Intrusion Prevention Systems connectivity is essential However it creates a threat Effective means of protecting LANs Inserted between the premises network and the to establish

More information

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com

Stop that Big Hack Attack Protecting Your Network from Hackers. www.lauraknapp.com Stop that Big Hack Attack Protecting Your Network from Hackers Laura Jeanne Knapp Technical Evangelist 1-919-224-2205 laura@lauraknapp.com www.lauraknapp.com NetSec_ 010 Agenda Components of security threats

More information

Proxy Server, Network Address Translator, Firewall. Proxy Server

Proxy Server, Network Address Translator, Firewall. Proxy Server Proxy Server, Network Address Translator, Firewall 1 Proxy Server 2 1 Introduction What is a proxy server? Acts on behalf of other clients, and presents requests from other clients to a server. Acts as

More information

Firewalls. Chien-Chung Shen cshen@cis.udel.edu

Firewalls. Chien-Chung Shen cshen@cis.udel.edu Firewalls Chien-Chung Shen cshen@cis.udel.edu The Need for Firewalls Internet connectivity is essential however it creates a threat vs. host-based security services (e.g., intrusion detection), not cost-effective

More information

Firewalls. Castle and Moat Analogy. Dr.Talal Alkharobi. Dr.Talal Alkharobi

Firewalls. Castle and Moat Analogy. Dr.Talal Alkharobi. Dr.Talal Alkharobi Castle and Moat Analogy 2 More like the moat around a castle than a firewall Restricts access from the outside Restricts outbound connections, too (!!) Important: filter out undesirable activity from internal

More information

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks *Abhishek Vora B. Lakshmi C.V. Srinivas National Remote Sensing Center (NRSC), Indian Space Research Organization (ISRO),

More information

Enterprise Network Management. March 4, 2009

Enterprise Network Management. March 4, 2009 Automated Service Discovery for Enterprise Network Management Stony Brook University sty March 4, 2009 1 Motivation shutdown unplug what happen when a network device is unplugged df for maintenance? 2

More information